General
-
Target
bb89a86c0efde745fa557036ff54500cb62130972446b89584c1d98062b4962b.bin.sample
-
Size
194KB
-
Sample
210920-mz4lmsgdek
-
MD5
643add5f97cc9be75e5d76dda4d1dd11
-
SHA1
27414b414f8e69758964b9d78cc08ff663c53d09
-
SHA256
bb89a86c0efde745fa557036ff54500cb62130972446b89584c1d98062b4962b
-
SHA512
1a3c84d866107a9b69fa8562bb3833ca521a667bbb5d0c0137c8ce9935222e11fb24c7ff69870dc5e7507b5f0af10442afb771f92b1992ef18b49a18a13b121b
Static task
static1
Behavioral task
behavioral1
Sample
bb89a86c0efde745fa557036ff54500cb62130972446b89584c1d98062b4962b.bin.sample.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
bb89a86c0efde745fa557036ff54500cb62130972446b89584c1d98062b4962b.bin.sample.exe
Resource
win10-en
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-